A hacker broke into a wireless carrier's network over at least seven months and read e-mails and personal computer files of hundreds of customers, including the Secret Service agent investigating the hacker, the government said on Wednesday.
The hacker obtained an internal Secret Service memorandum and part of a mutual assistance legal treaty from Russia. The documents contained "highly sensitive information pertaining to ongoing ... criminal cases," according to court records.
The break-in targeted the network for Bellevue, Washington-based T-Mobile USA, which has 16.3 million customers in the US. It was discovered during a Secret Service investigation, "Operation Firewall," which targeted underground hacker organizations known as Shadowcrew, Carderplanet and Darkprofits.
The hacker was able to view the names and Social Security numbers of 400 customers, all of whom were notified in writing about the break-in, T-Mobile said. It said customer credit card numbers and other financial information never were revealed.
"Safeguarding T-Mobile customer information is a top priority for the company," said a spokesman, Peter Dobrow. He said T-Mobile discovered the break-in late in 2003 and "immediately took steps that prevented any further access to this system."
Court records said the hacker had access to T-Mobile customer information from at least March through last October.
The Secret Service said its agent, Peter Cavicchia, should not have been using his personal handheld computer for government work. Cavicchia, a respected investigator who has specialized in tracking hackers, was a T-Mobile customer who coincidentally was investigating the T-Mobile break-in, according to court documents and a Secret Service spokesman, Jonathan Cherry.
Cavicchia, who won the Secret Service's medal of valor for his actions in the Sept. 11 terror attacks, resigned to work in the private sector. He said he was not asked to leave and said he was cleared during an internal investigation into whether he had improperly revealed sensitive information or violated agency rules.
Nicolas Lee Jacobsen, 21, of Santa Ana, California, a computer engineer, has been charged with the break-in in US District Court in Los Angeles. Court records said an online offer last March, traced to Jacobsen, claimed hackers could look up the name, Social Security number, birth date and passwords for voice mails and e-mails for T-Mobile customers.
Investigators said they traced the hacker's online activities to a hotel in Williamsport, New York, where Jacobsen was staying. Jacobsen, who was arrested in October in California, was released on a US$25,000 bond posted by his uncle, who was ordered to keep his own personal computer locked up so Jacobsen couldn't use it.
The case against Jacobsen was first reported by the Web site Security Focus.